home.social

#elasticsecurity — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #elasticsecurity, aggregated by home.social.

  1. I spent too much time banging my head against the wall getting #ElasticSecurity and #Kolide to run well on #immutable #Linux distros like #Fedora #SilverBlue

    Here's the first article:

    unfinished.bike/elastic-agent-

    Linux distros are heading to where macOS is today: the root filesystem is mostly immutable, but not entirely. #ChromeOS arrived there a decade ago, but everyone seems to be moving in the same direction.

  2. Question for Elasticsearch experts. Well, specifically, Elastic Security experts.

    How do you cope with the fact that Elastic Security does not have traditional on-demand/scheduled AV scanning?

    Companies often ask questions about AV scans in their vendor "security questionnaires" and I've never seen a good answer that explains why/how next-gen AV/EDR doesn't do "scanning."

    What do you tell people? How do you get this past ancient regulatory requirements and/or companies who don't know what "EDR" means?

    [Boosts appreciated. 🚀]

    [Edit: I guess this is a question for anyone using any "next-gen AV" or EDR like #Crowdstrike or #SentinelOne]

    #Cybersecurity #InformationSecurity #Elastic #Elasticsearch #ElasticSecurity #EndpointProtection #EDR

  3. Join me for an Elastic Security Community virtual event. I will be giving a tech talk on my Journey Into Malware Research and Reverse Engineering.

    Hope to see you there! 🤩🙌

    Date: Thursday, October 19
    Time: 8am PST/11am EST

    #Elastic #ElasticSecurity #reverseengineering #malwareresearch #securityresearch
    #womenincyber #womenincybersecurity

    Meetup link:
    meetup.com/elastic-united-stat

    Session will be recorded and shared on the YouTube Elastic Community page for those who are unable to attend.

  4. My entry for the Elastic Advent Calendar 2022 is now available 🤩:
    "How to build a cluster for Elastic Security: Best practices for creating and generating security data in Elastic Cloud"

    Happy Holidays everyone! ❄️☃️😊

    discuss.elastic.co/t/321832

    #infosec #elasticsecurity #elastic #cloud #elasticcloud #elasticadventcalendar

  5. YAML configs for:

    1. NSA Events to Monitor List hannahsuarez.github.io/2021/Wi

    2. Events from the Windows 10 and Windows Server 2016 Security auditing and monitoring reference hannahsuarez.github.io/2021/Wi

    3. Exploit protection events based on attack surface reduction events hannahsuarez.github.io/2021/Ex

    And, which Windows auditing events require failure and success logging?
    hannahsuarez.github.io/2021/Wh

    YMMV!

    I have a few more to share next week.

    #security #cybersecurity #infosec #elasticsecurity #blueteam
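The last post raises the practical question of which Windows Security events need both success and failure auditing turned on. A check a blue team can run against the events it has actually collected, rather than against the audit policy it believes is set, is below. This is an added example, not code from the post or from the linked YAML configs: the event IDs and the "Audit Success" / "Audit Failure" keyword names are real Windows Security log values, but the monitor-list format, the choice of which IDs require which results, and the sample events are all constructed for illustration.

```python
"""Audit-coverage check over collected Windows Security events.

Added example (not from the original post or its linked YAML configs).
Given a monitor list saying which Security event IDs must be collected
and whether each needs Success, Failure or both, scan a batch of
collected events and report requirements that were never observed.
The monitor-list layout and the events are constructed assumptions.
"""
from collections import defaultdict

# Constructed monitor list: event ID -> set of required audit results.
# Which IDs need both results is exactly the decision the post's
# "success and failure" write-up covers; this subset is illustrative.
MONITOR_LIST = {
    4624: {"Success"},             # an account was logged on
    4625: {"Failure"},             # an account failed to log on
    4688: {"Success"},             # a new process has been created
    4720: {"Success"},             # a user account was created
    4768: {"Success", "Failure"},  # Kerberos TGT requested
    4771: {"Failure"},             # Kerberos pre-authentication failed
    4776: {"Success", "Failure"},  # NTLM credential validation
    1102: {"Success"},             # the audit log was cleared
}

# Constructed events, shaped like the fields an agent ships
# (winlog.event_id, winlog.keywords) rather than raw EVTX records.
SAMPLE_EVENTS = [
    {"event_id": 4624, "keywords": ["Audit Success"]},
    {"event_id": 4625, "keywords": ["Audit Failure"]},
    {"event_id": 4688, "keywords": ["Audit Success"]},
    {"event_id": 4768, "keywords": ["Audit Success"]},
    {"event_id": 4768, "keywords": ["Audit Success"]},
    {"event_id": 4776, "keywords": ["Audit Success"]},
    {"event_id": 4776, "keywords": ["Audit Failure"]},
    {"event_id": 4720, "keywords": ["Audit Success"]},
]


def observed_results(events):
    """Map event ID -> set of audit results actually seen in the batch."""
    seen = defaultdict(set)
    for ev in events:
        for kw in ev.get("keywords", []):
            # Windows tags Security events with "Audit Success"/"Audit Failure".
            if kw.startswith("Audit "):
                seen[ev["event_id"]].add(kw[len("Audit "):])
    return seen


def coverage_gaps(monitor_list, events):
    """Return {event_id: missing_results} for requirements never observed.

    An ID seen only with Success when Failure is also required is a
    partial gap; an ID never seen at all is a full gap. Both surface
    here, so an audit-policy (auditpol) or collector-filter problem is
    visible from the data itself instead of from a questionnaire answer.
    """
    seen = observed_results(events)
    gaps = {}
    for event_id, required in monitor_list.items():
        missing = required - seen.get(event_id, set())
        if missing:
            gaps[event_id] = missing
    return gaps


def summarize(gaps):
    """Format gaps as stable, sorted lines suitable for a report or ticket."""
    return [
        f"{eid}: missing {', '.join(sorted(results))}"
        for eid, results in sorted(gaps.items())
    ]


if __name__ == "__main__":
    for line in summarize(coverage_gaps(MONITOR_LIST, SAMPLE_EVENTS)):
        print(line)
```

Run against the sample batch, the check flags 1102 (never seen), 4768 (Success seen, Failure required but absent) and 4771 (never seen). A quiet audit channel is indistinguishable from a misconfigured one until something is expected to appear, so the useful part is the explicit requirement list: absence becomes a finding rather than silence.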